US Treasury hack linked to Silk Typhoon Chinese state hackers www.bleepingcomputer.com/news/secu…

Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December.

On Wednesday, a Bloomberg report confirmed this hypothesis and attributed the attack to the Silk Typhoon hacking group. According to two people familiar with the matter, the group is “believed to have stolen a digital key from BeyondTrust Inc., a third-party service provider, and used it to access unclassified information relating to potential sanctions actions and other documents.”

Silk Typhoon (also known as Hafnium) is a Chinese nation-state hacking group known for attacking a wide range of targets in the United States, Australia, Japan, and Vietnam, including defense contractors, policy think tanks, and non-governmental organizations (NGOs) as well as healthcare, law firms, and higher education organizations.

This Advanced Persistent Threat (APT) group’s cyberespionage campaigns mainly focus on data theft and reconnaissance, using zero-day vulnerabilities and tools like the China Chopper web shell.

Hafnium became more widely known in 2021 after exploiting Microsoft Exchange Server zero-day flaws (collectively known as ProxyLogon), compromising an estimated 68,500 Exchange servers by the time security patches were released.
